Hi there,

This update is ~5 months old. We moved to a different cluster in the meantime. The old cluster has been (afaik) decommissioned.

The new cluster is: https://osci-jenkins-1.ci.fedoraproject.org

I can rerun the tests for you so you get a new URL in Bodhi.

Thanks,
Michal



On Mon, Mar 1, 2021 at 12:01 PM Jan Pazdziora <jpazdziora@redhat.com> wrote:

Hello,

my Fedora update

        https://bodhi.fedoraproject.org/updates/FEDORA-2020-b727e91aa8

has one passed automated test fedora-ci.koji-build.tier0.functional
with link pointing to

        https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenkins/fedora-f33-build-pipeline/detail/fedora-f33-build-pipeline/202/pipeline/

However, access to that URL from Fedora 33's Firefox
firefox-84.0.2-1.fc33.x86_64 results in

        Secure Connection Failed
        An error occurred during a connection to
        jenkins-continuous-infra.apps.ci.centos.org.

        PR_END_OF_FILE_ERROR
            The page you are trying to view cannot be shown because
            the authenticity of the received data could not be
            verified.
            Please contact the website owners to inform them of this problem.

Even accessing it via curl fails:

        $ curl -k https://jenkins-continuous-infra.apps.ci.centos.org/blue/organizations/jenkins/fedora-f33-build-pipeline/detail/fedora-f33-build-pipeline/202/pipeline/
        curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to jenkins-continuous-infra.apps.ci.centos.org:443

Checking with openssl shows that there is not certificate / encryption
offered (?):

        $ openssl s_client -connect jenkins-continuous-infra.apps.ci.centos.org:443
        CONNECTED(00000003)
        write:errno=0
        ---
        no peer certificate available
        ---
        No client certificate CA names sent
        ---
        SSL handshake has read 0 bytes and written 337 bytes
        Verification: OK
        ---
        New, (NONE), Cipher is (NONE)
        Secure Renegotiation IS NOT supported
        Compression: NONE
        Expansion: NONE
        No ALPN negotiated
        Early data was not sent
        Verify return code: 0 (ok)
        ---

Could the Jenkins instance used for Fedora CI have its certificates
fixed or have some frontend proxy in from of them so that access from
contemporary Fedora versions works?

--
Jan Pazdziora
Product Owner, Platform Security Readiness, Red Hat
_______________________________________________
CI mailing list -- ci@lists.fedoraproject.org
To unsubscribe send an email to ci-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure